Overview

VMFUNC is an Intel hardware instruction that allows software in non-root mode (in both kernel and user modes) to invoke a VM function. VM functions are processor features managed by the hypervisor. EPTP (the pointer to an EPT) switching is one of these VM functions, which allows the guest to load a new value for the EPTP from an EPTP list stored in the Virtual Machine Control Structure (VMCS) configured by the hypervisor. The new EPT then translates subsequent guest physical addresses (GPA) to host physical addresses (HPA). The EPTP list can hold at most 512 EPTP entries. The typical usage of EPTP switching is to create multiple domains for one physical address space and these domains usually have different memory mappings and privileges. With the Virtual Processor ID (VPID) feature enabled, the VMFUNC instruction does not flush TLB.

Details

Q&A

Q: TLB是gva->hpa的映射,EPTP切换之后,此时HPA可能会发生变化,那么vmfunc需要flush TLB吗?

A: The logical processor starts creating and using guest-physical and combined mappings associated with the new value of bits 51:12 of EPTP; the combined mappings created and used are associated with the current VPID and PCID (these are not changed by VMFUNC).
当enable VPID时,硬件会重新creating mappings!所以是由硬件保证了TLB的正确性,无需flush TLB!
笔者猜测硬件的行为:执行vmfunc命令时,处理器会检查TLB中当前VPID和PCID的相关entry,然后更新TLB中的相关entry(比如会更新HPA的值或者权限)。

参考资料:

  1. SkyBridge: Fast and Secure Inter-Process Communication for Microkernels
  2. Intel SDM Vol3